[webauthn] Review of WD08

Kieun has just created a new issue for https://github.com/w3c/webauthn:

== Review of WD08 ==
Since the lack of time for reviewing full documents, I added some suggestions after reading the part of the specs.

1. In Abstract section, there is a high level description of this spec. Since attestation also involves signature generation, we may use _attestation_ in stead of _signature_ from the following sentence.
   > This specification also describes the functional model for WebAuthn conformant authenticators, including their **signature** and attestation functionality.

2. Chapter 2.4 describes CBOR encoding by referring FIDO2 CTAP Spec. The link for the spec is broken. Also chapter 3 has same reference which is broken.
Here's valid link for the spec

3. Regarding FIDO AppID definition in Chapter 3, we may add link to FIDO AppID extension (https://www.w3.org/TR/2018/WD-webauthn-20180306/#sctn-appid-extension).

4. In Chapter 4, there is a terminology regarding an Authenticator. Since some authenticator dose not have user verification features, we need to add **user presence test** to following sentence.
   > A cryptographic entity used by a WebAuthn Client to (i) generate a public key credential and register it with a Relying Party, and (ii) authenticate by potentially verifying the user, and then cryptographically signing and returning, in the form of an Authentication Assertion, a challenge and other data presented by a Relying Party (in concert with the WebAuthn Client).

5. In Chapter 4, Client-side-resident Credential Private Key is described. There is a term **roaming authenticator**. We may refer following link.
Also we may change Authenticator to authenticator in this description.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/831 using your GitHub account

Received on Friday, 9 March 2018 08:03:22 UTC